Business Directories

Security 'key for firms adopting BYOD'

Manama, February 19, 2012

Businesses have seen a rapid proliferation of employee-owned mobile devices such as smartphones, tablets and laptops, but a major problem for them today is how to give employees both flexibility and mobility, while securing the enterprise, said an expert.

Security must be the prime focus for Middle East businesses adopting enterprise mobility and Bring-Your-Own-Device (BYOD), remarked Stephan Berner, managing director at help AG, a strategic information security consulting specialist in the Middle East.

Smartphone penetration in the region is already at 47 per cent and is set to further rise to 70 per cent by the end of 2016, he said, citing data.

Industry experts in their predictions on the top IT trends for the year have hailed 2012 to be the year of BYOD and enterprises are encouraging employees to embrace this trend.

Berner pointed out that the BYOD offered a number of benefits to the enterprises - the shift of operational expenses to employee, with the worker bearing the cost of hardware, voice and data services and other related expenses, round the clock connectivity and plain employee satisfaction.

Also, given that the devices are not subject to slow upgrade cycles and infrastructure upgrade policies, they tend to be more cutting-edge allowing the enterprise to avail of the latest features and capabilities, he stated.

However, the problem enterprises face today is how to give their employees both flexibility and mobility, while securing the enterprise, said the expert from help AG, a strategic information security consulting company, founded in Germany in 1995 with a major presence in the Middle East.

'One unwritten rule of malware is that when an operating system has reached 10pc market penetration you will start seeing virus and malware being written for it,' Berner pointed out.

Smartphones and mobile devices are no different. Worldwide, the two big players in the market - Google's Android and Apple's iOS - are in a constant battle against threats.

A report by Juniper Networks showed a 472 per cent increase in Android malware samples since July 2011. This is largely due to the open nature of the Android marketplace which allows app developers to post apps to the marketplace without stringent application control.

Thanks to tight regulation, the Apple App Store has been far more secure but there is always a possibility of malware being installed on a jail-broken Apple device since jail-breaking of the device bypasses Apple's software control.

BlackBerry devices which remain popular in the Middle East are almost untouched due to RIM's tight control around the APIs to the BlackBerry operating system.

This control does however affect the openness of the platform negatively which is why the number of applications available for BlackBerry platform is rather limited as compared to iOS and Android.

While malware targeting mobile devices is undoubtedly on the rise, mobile malware should not be a top priority concern for most large businesses. Companies instead should lay emphasis on mobile device security. As workers now use more powerful mobile devices, companies need to be concerned with the physical security of mobile devices and about what mobile devices are downloading from their networks.

The employee still remains at the heart of discussion. Unmonitored access to information even in the form of a synched email account should be perceived as a security liability.

What the IT department needs to address is a consistent way to manage personal devices. This includes formulating accepted guidelines for the use of BYOD in the workplace as well as educating employees on how to protect their devices from potential threats.

With BYOD, information takes precedence - it is the organisation's information that is the liability and not the underlying hardware. Loss or the uncontrolled leakage of data can have a huge business impact. IT departments can employ safeguards such as placing a thin client with suitable authentication on a smart-phone. This can be configured to allow employees to connect to the corporate network while preventing the removal of data, said the expert.

Another effective method of controlling data leakage and access to sensitive data on the device is sand-boxing. This is possible through an application which when installed creates an encrypted area for data storage. This data can be shredded/ deleted if necessary and no other application can access this data area unless the corporate policy allows it.

With the future of mobile computing advancing at a rapid pace, the increased use of high-tech personal devices at the workplace is only but inevitable. Organisations should recognise that BYOD is very much here to stay and should have policies in place to ensure that they are prepared.-TradeArabia News Service